Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
L
lxc
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Chen Yisong
lxc
Commits
5d55659d
Commit
5d55659d
authored
Feb 26, 2016
by
Christian Brauner
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #855 from hallyn/2016-02-26/cgfs.crucial
fix cgfs failure for unpriv users
parents
127ef998
ea439aac
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
37 additions
and
21 deletions
+37
-21
cgfs.c
src/lxc/cgfs.c
+20
-5
cgmanager.c
src/lxc/cgmanager.c
+1
-16
cgroup.c
src/lxc/cgroup.c
+15
-0
cgroup.h
src/lxc/cgroup.h
+1
-0
No files found.
src/lxc/cgfs.c
View file @
5d55659d
...
...
@@ -807,6 +807,17 @@ static char *cgroup_rename_nsgroup(const char *mountpath, const char *oldname, p
return
newname
;
}
static
bool
is_crucial_hierarchy
(
struct
cgroup_hierarchy
*
h
)
{
char
**
p
;
for
(
p
=
h
->
subsystems
;
*
p
;
p
++
)
{
if
(
is_crucial_cgroup_subsystem
(
*
p
))
return
true
;
}
return
false
;
}
/* create a new cgroup */
static
struct
cgroup_process_info
*
lxc_cgroupfs_create
(
const
char
*
name
,
const
char
*
path_pattern
,
struct
cgroup_meta_data
*
meta_data
,
const
char
*
sub_pattern
)
{
...
...
@@ -974,8 +985,11 @@ static struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const c
current_entire_path
=
NULL
;
goto
cleanup_name_on_this_level
;
}
else
if
(
r
<
0
&&
errno
!=
EEXIST
)
{
SYSERROR
(
"Could not create cgroup '%s' in '%s'."
,
current_entire_path
,
info_ptr
->
designated_mount_point
->
mount_point
);
goto
cleanup_from_error
;
if
(
is_crucial_hierarchy
(
info_ptr
->
hierarchy
))
{
SYSERROR
(
"Could not create cgroup '%s' in '%s'."
,
current_entire_path
,
info_ptr
->
designated_mount_point
->
mount_point
);
goto
cleanup_from_error
;
}
goto
skip
;
}
else
if
(
r
==
0
)
{
/* successfully created */
r
=
lxc_grow_array
((
void
***
)
&
info_ptr
->
created_paths
,
&
info_ptr
->
created_paths_capacity
,
info_ptr
->
created_paths_count
+
1
,
8
);
...
...
@@ -999,6 +1013,7 @@ static struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const c
goto
cleanup_from_error
;
}
skip:
/* already existed but path component of pattern didn't contain '%n',
* so this is not an error; but then we don't need current_entire_path
* anymore...
...
...
@@ -1180,7 +1195,7 @@ static int lxc_cgroupfs_enter(struct cgroup_process_info *info, pid_t pid, bool
r
=
lxc_write_to_file
(
cgroup_tasks_fn
,
pid_buf
,
strlen
(
pid_buf
),
false
);
free
(
cgroup_tasks_fn
);
if
(
r
<
0
)
{
if
(
r
<
0
&&
is_crucial_hierarchy
(
info_ptr
->
hierarchy
)
)
{
SYSERROR
(
"Could not add pid %lu to cgroup %s: internal error"
,
(
unsigned
long
)
pid
,
cgroup_path
);
return
-
1
;
}
...
...
@@ -1509,7 +1524,7 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
if
(
!
abs_path
)
goto
out_error
;
r
=
mount
(
abs_path
,
abs_path2
,
"none"
,
MS_BIND
,
0
);
if
(
r
<
0
)
{
if
(
r
<
0
&&
is_crucial_hierarchy
(
info
->
hierarchy
)
)
{
SYSERROR
(
"error bind-mounting %s to %s"
,
abs_path
,
abs_path2
);
goto
out_error
;
}
...
...
@@ -2600,7 +2615,7 @@ static bool cgfs_chown(void *hdata, struct lxc_conf *conf)
continue
;
}
r
=
do_cgfs_chown
(
cgpath
,
conf
);
if
(
!
r
)
{
if
(
!
r
&&
is_crucial_hierarchy
(
info_ptr
->
hierarchy
)
)
{
ERROR
(
"Failed chowning %s
\n
"
,
cgpath
);
free
(
cgpath
);
return
false
;
...
...
src/lxc/cgmanager.c
View file @
5d55659d
...
...
@@ -1242,21 +1242,6 @@ static bool subsys_is_writeable(const char *controller, const char *probe)
return
ret
;
}
/*
* Return true if this is a subsystem which we cannot do
* without
*/
static
bool
is_crucial_subsys
(
const
char
*
s
)
{
if
(
strcmp
(
s
,
"systemd"
)
==
0
)
return
true
;
if
(
strcmp
(
s
,
"name=systemd"
)
==
0
)
return
true
;
if
(
strcmp
(
s
,
"freezer"
)
==
0
)
return
true
;
return
false
;
}
static
char
*
get_last_controller_in_list
(
char
*
list
)
{
char
*
p
;
...
...
@@ -1302,7 +1287,7 @@ static bool verify_final_subsystems(const char *cgroup_use)
char
*
p
=
get_last_controller_in_list
(
subsystems
[
i
]);
if
(
!
subsys_is_writeable
(
p
,
probe
))
{
if
(
is_crucial_
subsys
(
p
))
{
if
(
is_crucial_
cgroup_subsystem
(
p
))
{
ERROR
(
"Cannot write to crucial subsystem %s
\n
"
,
subsystems
[
i
]);
goto
out
;
...
...
src/lxc/cgroup.c
View file @
5d55659d
...
...
@@ -220,3 +220,18 @@ void prune_init_scope(char *cg)
*
point
=
'\0'
;
}
}
/*
* Return true if this is a subsystem which we cannot do
* without
*/
bool
is_crucial_cgroup_subsystem
(
const
char
*
s
)
{
if
(
strcmp
(
s
,
"systemd"
)
==
0
)
return
true
;
if
(
strcmp
(
s
,
"name=systemd"
)
==
0
)
return
true
;
if
(
strcmp
(
s
,
"freezer"
)
==
0
)
return
true
;
return
false
;
}
src/lxc/cgroup.h
View file @
5d55659d
...
...
@@ -83,5 +83,6 @@ extern void cgroup_disconnect(void);
extern
cgroup_driver_t
cgroup_driver
(
void
);
extern
void
prune_init_scope
(
char
*
cg
);
extern
bool
is_crucial_cgroup_subsystem
(
const
char
*
s
);
#endif
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
